Password-based authentication remains a ubiquitous authentication method. In password-based authentication systems, two entities (e.g., a user and a service provider) share a password in advance and use the password as the basis for authentication. In many password-based authentication systems, a user's security credentials include not only a password but also a user identifier (user ID). To obtain access to password-protected data and/or services, a user presents a valid user ID and the corresponding password. After authenticating the security credentials provided by the user, the service provider grants the user access to the protected services.